Wireless communication requires efficient and secure encryption, which is also known as ciphering. The demand for more efficient ciphering techniques (also known as ciphers) is expected to increase with new generations of wireless communication, e.g., in a 5G system, as the required data rates are expected to significantly increase.
In addition, services vital for society such as transport, e-health, smart-city management and environmental monitoring require security mechanisms providing high levels of assurance.
For encryption purposes, there are two types of ciphers, namely block ciphers and stream ciphers. Block ciphers have been studied for over 50 years. Collected knowledge about their functional definition and cryptanalysis led to an Advanced Encryption Standard (AES), which is widely accepted for strong resistance against various kinds of attacks. Block ciphers can be used in special modes that let them operate as stream ciphers, wherein the data rate of the block cipher is an upper bound to the data rate achievable by the stream cipher. 3G and 4G wireless communication systems use the dedicated stream cipher SNOW3G or stream ciphers based on block ciphers. However, with ciphering data rates below 1 Gbps, existing ciphers would pose a bottleneck in the most demanding LTE-Advanced and 5G applications targeting such data rates.
Though military applications have relied on stream ciphers for a long time, active public investigation of stream ciphers began only about 30 years ago, wherein the security of legacy stream ciphers has been queried. For example, the popular stream ciphers A5/1 and A5/2 used in the Global System for Mobile communications (GSM) standard and the stream cipher EO used in Bluetooth have been found susceptible to a number of attacks described by E. Biham and O. Dunkelman in “Cryptanalysis of the A5/1 GSM stream cipher”, Progress in Cryptology, INDOCRYPT 2000, pp. 43-51, Springer, 2000. As a result, the stream cipher A5/1 was replaced by a stream cipher A5/3 that is based on a block cipher, and use of the stream cipher A5/2 was subsequently prohibited.
A further widespread stream cipher, RC4, used to secure wireless networks according to the original IEEE 802.11 standard was shown to be vulnerable, if the beginning of the output keystream is not discarded, if non-random or related keys are used, or if a single keystream is used twice, by E. Tews, R.-P. Weinmann and A. Pychkine in “Breaking 104-bit WEP in under a minute”, Cryptology ePrint Archive: Report 2007/120, 2007 (http://eprint.iacr.org/2007/120). As a consequence, the AES replaced the stream cipher RC4 in the IEEE 802.11i standard.
Despite past security problems mentioned above, the need for secure and efficient stream ciphers is expected to increase in future generations of wireless communication, since 5G wireless communication is envisioned to provide on the order of 1000 times higher traffic volume compared to current LTE deployments while improving Quality of Service (M. Olsson et al., 5GrEEn: “Towards green 5G mobile networks”, WiMob, pp. 212-216, 2013). Consumer data rates of hundreds of Mbps are expected to be available in general scenarios and multi-Gbps in specific scenarios. In addition, low latency of a few milliseconds or below needs to be supported in use cases for safety or control mechanisms in processing industry, for electrical-distribution grids or for traffic (Ericsson White Paper “5G radio access”, June 2013). It is likely that due to their efficiency, dedicated stream ciphers may play an important role in this development, if the necessary security requirements can be met.